Oval Definition:oval:org.mitre.oval:def:26275
Revision Date:2015-08-10Version:25
Title:CSyncBasePlayer use after free vulnerability - CVE-2014-4060 (MS14-043)
Description:Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka "CSyncBasePlayer Use After Free Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2014-4060
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Vista
Product(s):Microsoft Windows Media Center
Definition Synopsis
  • Microsoft Windows Media Center is installed
  • AND VULNERABLE versions
  • Vista vulnerable file version
  • Vista base
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • AND Check if the version of Mcplayer.dll is less than 6.1.1000.18324
  • OR Win 7 base and vulnerable file version
  • Win 7
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • AND Check for vulnerable version
  • Check if the version of Mcplayer.dll is less than 6.1.7601.18523
  • OR LDR range
  • Check if the version of Mcplayer.dll is greater than or equal to 6.1.7601.22000
  • AND Check if the version of Mcplayer.dll is less than 6.1.7601.22733
  • OR Windows 8 and vulnerable file version
  • Windows 8 32/64 bit
  • Microsoft Windows 8 (x86) is installed
  • OR Microsoft Windows 8 (x64) is installed
  • AND Check for vulnerable version
  • Check if the version of Mcplayer.dll is less than 6.2.9200.17045
  • OR Check for LDR
  • Check if the version of Mcplayer.dll is greater than or equal to 6.2.9200.21000
  • AND Check if the version of Mcplayer.dll is less than 6.2.9200.21162
  • OR Win 8.1 and vulnerable file version
  • Win 8.1 32 / 64 bit
  • Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • AND Check if the version of Mcplayer.dll is less than 6.3.9600.17224
    • BACK